• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Geek's Advice

IT News, Software Reviews, How To's & Computer Help

  • News
  • Reviews
  • Removal guides
  • Fix
  • Tutorials
  • Forum
  • ASK A GEEK

What is COM Surrogate (dllhost.exe) and Why It Causes High CPU?

February 2, 2021 By Norbert Webb Leave a Comment

COM SURROGATE explained: what is it, and why is it running on your PC

Contents

  • COM SURROGATE explained: what is it, and why is it running on your PC
  • Identify COM SURROGATE virus easily
  • Do not stop or disable the process
  • Common Problems related to COM SURROGATE process

COM SURROGATE (dllhost.exe) is generally recognized as a legitimate Windows process, although it can also be a malware in disguise. The legitimate version is developed by Microsoft and its purpose is to run COM objects aside from original processes that request them. This helps to avoid host process crash in event of a COM object crash. The COM Surrogate process hosts .dll files, therefore its name is dllhost.exe. However, malware developers sometimes tend to leverage the well-recognized process name and use it to name malevolent programs. In this guide, we will explain everything about the safe process version and provide tips how to detect a fake one and remove it.

COM is a short for Component Object Model. It is an interface created in 1993 by Microsoft, allowing programmers to create COM objects easily. These objects integrate into various programs and extend them. Windows Explorer may use the Surrogate process to create thumbnails for documents, images, videos or other file types in a folder. Therefore, in case of a thumbnail creation procedure fail, the crash will happen to COM Surrogate process, but not the whole Windows Explorer.

what is com surrogate explained
You can check the host process for each of dllhost.exe via free Process Explorer software.

As suggested by Microsoft’s Raymond Chen, the process can be used in situations where the developer doesn’t feel sure about certain code. The problem can be solved by asking COM to host it in another process to avoid unnecessary crashes.

People often worry about High disk usage caused by this process. However, just like Microsoft Compatibility Telemetry or other processes, it might use a lot of RAM due to certain issues. We suggest running a quick free scan with RESTORO to identify troublesome programs and malware-related issues on the system.

SCAN WINDOWS SYSTEM

See Full Review

Scan your system for FREE to detect security, hardware and stability issues. You can use the scan results and try to remove threats manually, or you can choose to get the full version of software to fix detected issues and repair virus damage to Windows OS system files automatically. Includes Avira spyware/malware detection & removal engine.

Identify COM SURROGATE virus easily

Since the process name is widely known to be originated from Microsoft, some cybercriminals might attempt to use its name for the malicious processes started on the target system. As a consequence, the victim will see COM Surrogate causing High CPU (100% disk) and possibly dublicates of it in Task Manager. One of the quickest ways to check whether you’re dealing with the real or fake dllhost.exe is to check its file location. You can do it this way:

  1. Open Windows Task Manager by pressing CTRL+ALT+DEL and then click Task Manager.
  2. Here, press C button repeatedly until you find COM Surrogate (it is a fast way to search by the first letter). Right-click the process and choose Open File Location option. TIP: You may need to check several processes, in case you see more than one COM Surrogate running on your PC).
  3. Check if the process-associated file is located in C:/Windows\System32 or C:/winnt/system32. It indicates that you are dealing with the genuine process. If the file is located anywhere else, you might be dealing with a virus.

One way or another, the only way to assure that it is safe or malicious is to boot computer in Safe Mode and run your antivirus software. It will use signature-based or machine-learning detection model to identify whether the COM Surrogate virus is real or not.

Some examples of viruses using this’ process name are Poweliks, Artemis, Nashi.A, Loveleet, and possibly other Trojans/rootkits.

Do not stop or disable the process

You cannot stop or disable COM Surrogate because it is an essential part of the whole Windows operating system. To be precise, it is responsible for smooth operation of COM objects and prevention of Windows Explorer crashes. These processes can be used by variety of programs (you may see several ones in WTM) to complete certain tasks outside the host process.

However, some users might feel the urge to disable the process due to certain problems caused by the process. In the majority of cases, the process will simply restart itself automatically. However, if you suspect that there is a serious or persistent problem with dllhost.exe, you may want to look deeper into it.

Common Problems related to COM SURROGATE process

Although the original DLLHOST.EXE process is safe and legitimate, there are some issues related to it that cause regular headaches for Windows users. Some of the most common issues related to it are:

COM Surrogate High CPU (high memory usage problem)

com surrogate high cpu
High CPU caused by the process can seriously slow down the computer system.

Many computer users report seeing an increased RAM usage by the said process. COM Surrogate causes high CPU in case of malware attack, corrupted files or outdated codecs. One way or another, you shouldn’t ignore this problem and take actions to fix it immediately.

SCAN WINDOWS SYSTEM

See Full Review

Scan your system for FREE to detect security, hardware and stability issues. You can use the scan results and try to remove detected issues manually, or you can choose to get the full version of software to fix detected issues and repair virus damage to Windows OS system files automatically. Includes Avira spyware/malware detection & removal engine.

COM Surrogate has stopped working

com surrogate has stopped working windows pop-up
The process may stop working due to various reasons.

The said error typically occurs while browsing media files – videos or pictures stored on a computer. Typical issues causing the error are outdated drivers, false positive antivirus interruption, or disk errors.

COM Surrogate keeps popping up

Users on various Internet forums often discuss yet another persistent annoyance related to DLLHOST.exe. They report that COM Surrogate pop-ups and disappears or minimizes other programs for them. It typically happens every 5 or 10 minutes. There are several known fixes for this error, including disk error checking or updating codecs.

COM Surrogate asking for password

COM Surrogate asks for password
Windows Security prompt associated with the process asks for email password.

Some users have reported an issue related to Windows Security COM Surrogate asking for password for email. It can happen after manually shutting down the process. The first thing you should try if you’re dealing with this issue is to perform clean boot and see if you’re getting the prompt there. If you do not get the issue while in Safe Mode, it means that the issue is related to some third-party program. Otherwise, the issue might be related to outdated system version, wrong software installation bit-wise or other issue.

Now that you’re know what is COM Surrogate and why it may cause High CPU, you can no longer worry about it. Or you can take actions and check your computer’s security as explained previously.

norbert webb author at geeksadvice.com
Norbert Webb

Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.

Filed Under: Tutorials Tagged With: COM Surrogate

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

SEARCH OUR SITE

Trending

decrypt files locked by stop djvu ransomware virus

Decrypt Files Locked by STOP/DJVU Ransomware (Updated 2022 Guide)

You can decrypt or repair files encrypted by … [Read More...] about Decrypt Files Locked by STOP/DJVU Ransomware (Updated 2022 Guide)

Remove STOP/DJVU Ransomware Virus (2022 Guide)

STOP/DJVU ransomware attacks continue in 2022: new … [Read More...] about Remove STOP/DJVU Ransomware Virus (2022 Guide)

Remove Segurazo Antivirus (SAntivirus Removal Guide 2021)

Segurazo review: is it a virus? Segurazo … [Read More...] about Remove Segurazo Antivirus (SAntivirus Removal Guide 2021)

easy ways to fix dns_probe_finished_nxdomain error on windows, mac, android, chromebook

Fix DNS_PROBE_FINISHED_NXDOMAIN Error (Windows, Mac, Android, Chromebook)

DNS_PROBE_FINISHED_NXDOMAIN error … [Read More...] about Fix DNS_PROBE_FINISHED_NXDOMAIN Error (Windows, Mac, Android, Chromebook)

POPULAR SOFTWARE REVIEWS

Private Internet Access Review

Private Internet Access Review 2022: Fast, Secure & Cheap VPN

Private Internet Access (PIA) VPN maintains its long-term role as a leader Private Internet … [Read More...] about Private Internet Access Review 2022: Fast, Secure & Cheap VPN

intego antivirus for windows review 2021

INTEGO ANTIVIRUS for Windows Review 2022: Strong rival to existing security products

Intego Antivirus for Windows: exceptional security for your PC INTEGO ANTIVIRUS for Windows is … [Read More...] about INTEGO ANTIVIRUS for Windows Review 2022: Strong rival to existing security products

INTEGO antivirus review for Mac 2021

Intego Antivirus Review: Best Mac Antivirus in 2022?

Intego Antivirus for Mac is probably the best security choice for OS X Intego Antivirus for Mac … [Read More...] about Intego Antivirus Review: Best Mac Antivirus in 2022?

OUR EXPERTS RECOMMEND

Comprehensive PC Repair Software

geek's advice recommends restoro pc repair as editors choice
DOWNLOAD NOW
  • Uses Avira engine to remove malware
  • Repairs Virus Damage
  • Fixes Windows Errors & BSOD
  • Replaces Damaged DLLs
  • Repairs Damaged Windows Settings
  • Identifies Hardware Problems

Compatible with Microsoft Windows.

Read Full Review

Robust Mac Antivirus

geek's advice recommends intego antivirus as editors choice
GET INTEGO
  • 24/7 real-time protection
  • Intelligent firewall
  • Scans emails for malware
  • Scans iOS devices & external drives
  • Excellent malware detection rate
  • Easy-to-use

Compatible with Mac OS X 10.9-11.

Read Full Review

Copyright © 2022 Geeksadvice.com. Any unauthorized copying, redistribution or reproduction of part or all of the site contents in any form is prohibited.

About Us · Terms of Use · Privacy Policy · Contact Us

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok